deepread
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits local files (PDFs and images) to an external domain (api.deepread.tech) for OCR processing. While this is the core function of the skill, it involves data transfer to third-party infrastructure not listed in the trusted vendors list.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted documents and returns the extracted text to the agent context without isolation.
  - Ingestion points: Local PDF and image files processed through the /v1/process endpoint.
  - Boundary markers: Absent. The skill does not implement delimiters or safety instructions to distinguish extracted OCR text from agent instructions.
  - Capability inventory: Performs network operations using curl and the Python requests library.
  - Sanitization: Absent. No filtering or validation is performed on the extracted text to detect or mitigate embedded malicious instructions.
Audit Metadata